2024-06-14_0f333cd6f4def0ed3496e474e4014406_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_0f333cd6f4def0ed3496e474e4014406_ryuk
Size

1.2MB
MD5

0f333cd6f4def0ed3496e474e4014406
SHA1

a70c110464f4735102af86686d161f0e87a882dd
SHA256

665a0c424289a78851128649c0917753fef2b44b7f4134018c6ee904152131f3
SHA512

c84143fff0b94c57e7e863312f53171154dbca931fa29f5cbe3aba99649abe2ebf985eb83166b2c1231186839baef5a329c6102115f041fef54a5628c97543e1
SSDEEP

24576:cOCR+OQ4HgFDHrSxQBODP62/ru0EXDuSWWmijPz2MPOOsx8KCwzeo:zw+OQMgFDHrSDP6wrOumjPzPE68C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-14_0f333cd6f4def0ed3496e474e4014406_ryuk

Files

2024-06-14_0f333cd6f4def0ed3496e474e4014406_ryuk
.exe windows:6 windows x64 arch:x64

1f972b1a5b5e38566aaadf96627fa5fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

wininet

InternetQueryOptionW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

kernel32

LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
lstrcmpiW
GetCommandLineW
DecodePointer
CloseHandle
SetLastError
SetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
CreateThread
GetCurrentThreadId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
MulDiv
lstrcmpW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetExitCodeThread
GetTickCount
CopyFileW
LCIDToLocaleName
OpenEventW
GetCurrentProcessId
CreateProcessW
ProcessIdToSessionId
WriteConsoleW
LoadLibraryW
LoadResource
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLangID
ExpandEnvironmentStringsW
CreateDirectoryW
SetFileAttributesW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlPcToFileHeader
LocalFree
GetStartupInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
VirtualProtect
VirtualQuery
MoveFileExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetStringTypeW
GetFileType
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
CreateFileW
WTSGetActiveConsoleSessionId
FlushFileBuffers
SetEndOfFile
TlsGetValue
TlsSetValue
TlsFree
ReadFile
GetACP
GetSystemDirectoryW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetConsoleCP
GetCPInfo
IsValidCodePage
GetOEMCP
GetSystemInfo

user32

SetForegroundWindow
SetMenuDefaultItem
TrackPopupMenuEx
GetSubMenu
GetSystemMetrics
KillTimer
SetTimer
MsgWaitForMultipleObjects
MapVirtualKeyExW
GetKeyNameTextW
SendDlgItemMessageW
EndDialog
CreateDialogParamW
IsWindowVisible
ShowWindow
PostQuitMessage
UnregisterDeviceNotification
GetWindowRect
SetWindowContextHelpId
MessageBoxW
GetCursorPos
RegisterDeviceNotificationW
UnregisterHotKey
RegisterHotKey
GetKeyboardLayout
GetKeyboardLayoutList
ActivateKeyboardLayout
LoadKeyboardLayoutW
PeekMessageW
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
MapDialogRect
GetWindowTextLengthW
GetWindowTextW
LoadIconW
LoadImageW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharUpperW
CreateDialogIndirectParamW
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
CharNextW
GetDlgItem
UnregisterClassW
SendMessageW
FindWindowW
ReleaseDC
GetDC
InsertMenuW
DestroyMenu
CreatePopupMenu
PostMessageW
GetDisplayConfigBufferSizes
SetDisplayConfig
QueryDisplayConfig
GetClientRect
GetClassNameW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

ole32

CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRun
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
CoInitialize
OleInitialize
OleUninitialize
OleLockRunning
CoInitializeEx
CLSIDFromString

shell32

SHFileOperationW
Shell_NotifyIconW
SHCreateItemFromParsingName

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayUnlock
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
GetErrorInfo
SysAllocString

shlwapi

StrStrW

gdi32

DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
GetStockObject
SelectObject
GetObjectW
GetDeviceCaps

bcrypt

BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f972b1a5b5e38566aaadf96627fa5fb

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

setupapi

wininet

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

bcrypt

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 25KB - Virtual size: 103KB

.pdata Size: 18KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 148KB - Virtual size: 148KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 25KB - Virtual size: 103KB

.pdata
Size: 18KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 148KB - Virtual size: 148KB

.reloc
Size: 568KB - Virtual size: 572KB